How to copy a SonicOS CLI configuration from the command line?
Description
The SonicOS CLI allows users to write settings in CLI command format from the UTM Appliance to a text file.
Access the firewall appliance either via SSH, or a Terminal Connection. Log in with administrator credentials.
Preparing the terminal client for logging
This task is best accomplished with a terminal shell that has logging capability. The configuration will be captured in the log file as the text is generated. If no logging capability exists for your terminal session tool, you will have to manually copy/paste from the terminal session to a text editor. This will be a very lengthy process.
Creating a log file with PuTTY terminal emulator.
Using a MacOS or Linux terminal emulator with script installed, logging can be accomplished by typing:Script SonicOSConfig.txt
This will save the configuration in the current directory with the name, SonicOSConfig.txt
Export the settings
Once terminal access is achieved you will be in user mode as indicated by the > character. From user mode, enter configuration mode by typing:
admin@PVT-IT-FW0> configure terminal
Your prompt will switch from > to #, signaling that you are in configuration mode.
The default behavior of the cli tool is to scroll a maximum of 24 lines before asking the user to press the spacebar to see another 24 lines. This allows terminal sessions with no scroll capability to be viewed frame by frame without the lines scrolling by too fast to be read. This functionality can be modified.
To display the defaults, type
config(PVT-IT-FW0)# show cli screen
cli screen width default 80
cli screen length default 24
cli screen width session 80
cli screen length session 24
You will not need to modify the default value. You will only modify the value for the current session. The maximum number of lines that you can change this value to is 1600. This means that the terminal will scroll 1600 lines before it asks you to press the spacebar for more information. Your configuration will be over 1600 lines, meaning that in your session log, you will have breaks that we will deal with later.
config(PVT-IT-FW0)# cli screen length session 1600
config(PVT-IT-FW0)# show cli screen
cli screen width default 80
cli screen length default 24
cli screen width session 1600
cli screen length session 24
Once that you see that the value for session is now 1600 lines, you will need to write those changes by issuing the commit command. No changes made during the cli configuration are written until the commit command is used.
config(PVT-IT-FW0)# commit
At this point you can query the firewall for the current configuration with the show current-config command.
config(PVT-IT-FW0)# show current-config
As stated earlier, the terminal window will display –MORE—needing the operator to press the spacebar to continue. While not visible in the terminal window, there will be some non-printable ‘junk’ characters that will also be produced in the log. For example:
--MORE--[8D[K
Examples of the MORE prompt:
address-group ipv4 "All X26 Management IP"
name "All X26 Management IP"
uuid 52ac8e40-ee07-e73c-0200
address-object ipv4 "X26 IP"
exit
--MORE--[8D[K
address-group ipv4 "All X27 Management IP"
name "All X27 Management IP"
uuid e3ac9444-fda7-a7cc-0200
address-object ipv4 "X27 IP"
exit
Once output has ended, you may exit the session by typing exit twice. You will need to sanitize your configuration file in three steps.
- Find the line where you issued the command show current-config. Delete that line, and all lines above it. The first line should now begin with firmware-version.
- Find the lines at the end that read checksum, and then end. Delete those lines, and all that follow.
- Remove all instances of the MORE prompt using a find and replace tool. In “Find what:”, paste –MORE— and the special characters exactly as they are in the configuration. Leave the “Replace With:” field empty. Hit “Replace All.”
- Save the file and the task is complete.
References: